Yes, this is something to conisder. However, we should also make sure that
malicious injection of an empty/invalid CRL file does not completely
eliminate CRL checking for all time. This is a big security loophole. As
much as I dislike CRL's they do serve a purpose. So, the solution is not
completely simple.

On Tue, 2 Nov 2021, Brian P Bockelman wrote:

> Does this actually fix #1543 though? In the last comment there, you mention it fails if the CRL file is non-empty and contains no valid CRLs. Shouldn't we use some of the internal XRootD routines to parse the file and see if there's one CRLs present?
>
> --
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/pull/1547#issuecomment-957943358

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/pull/1547#issuecomment-957950121", "url": "https://github.com/xrootd/xrootd/pull/1547#issuecomment-957950121", "name": "View Pull Request" }, "description": "View this Pull Request on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1